Unable to decode incoming request

Michael Dahlberg olgamirth at gmail.com
Tue Mar 13 19:39:38 EDT 2018

On March 13, 2018 at 5:39:07 PM, Cantor, Scott (cantor.2 at osu.edu) wrote:

> Bummer. I was sort of hoping to fix their metadata so that I could move
> project along. Thanks, anyway, Scott.

They aren't using metadata to begin with, obviously, or it would be
working. I don't really understand what you think is happening, but I
assume they manually pointed at a SAML 1 legacy endpoint, that's all. It's
going to /idp/profile/Shibboleth/SSO I would assume.

I thought, from what you said, that once I successfully authenticated, they
were redirecting me to a different AssertionConsumerService location, than
the one in their metadata (in my mind, I associate that value with an
endpoint).  Since the two “endpoints” were different, the Authentication
Request could not be decoded.  It never occurred to me that you were
talking about my (IdP) endpoint.  I think I understand now.  Is there any
way to confirm that they are going to the SAML 1 legacy endpoint?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180313/178e8c81/attachment.html>

More information about the users mailing list